Researcher: Most firms don’t even take simple cyber security measures

If you have ever wondered why there are so many data breaches at so many private companies, here is your answer: It’s because too few firms take serious steps to protect against hacking.

That’s the conclusion of well-known cyber security researcher Brian Krebs, who recently presented a fascinating but scary seminar regarding the current state of cyber crime at the Gartner Symposium in Orlando, Fla.

As reported by PC Magazine, Krebs, in talking to a group of CIOs (chief information officers) and other IT executives, said there is a large “PR gap” between the perception and reality of cyber crime and hacking.

“The light at the end of the tunnel isn’t a way out,” he said. “It’s an oncoming train.”

Most notably, he says, hackers have done a much better job of sharing information than CIOs. In recent hacks, he said, a simple examination of security logs would have alerted companies that they were under cyber assault.

The magazine, in online editions, noted that Krebs spent a great deal of his time discussing hacks on credit card companies, which mostly focus on malware aimed at Point of Sale (POS) systems. He also talked about how, over the past two years, hackers have both improved the way they attack and have developed underground markets for buying and selling hacked data, making it more “customer friendly.”

In addition, he said, street gangs are beginning to turn to credit card fraud as a fast way of turning an investment of $10-20 into as much as $1,000. These operations are not just profitable but they are far less dangerous and risky than drug dealing, and are often viewed as “victimless crimes” because account holders are not typically liable for any charges.

“Krebs noted problems such as the number of POS systems with Web browsers, and how this is a very common vector of attack. He said the transition to chip-and-pin credit cards is not going to solve the problem, citing how in other countries, that transition has led to an increase in e-commerce fraud, new account fraud, and account takeovers,” the magazine reported.

At the conclusion of his talk, he made five recommendations for improving cyber security for companies:

— Network segmentation

— Dedicated cyber response teams

— Use breaches as teachable incidents

— Practice breach response(s)

— Include and invite partner firms

He also recommended that companies make their most sensitive networks accessible only to employees who have a particular need to access them.
